Commit Graph

2346 Commits (792b451f40a6a4160b44f48916c109c927a66248)

Author SHA1 Message Date
Yorick Koster 46ec04dd15 Removed This PC ItemID & increased timeout in WaitForSingleObject
Remove the This PC ItemID to bypass (some) AV.

Timeout for WaitForSingleObject is set to 2,5s. After this timeout a
mutex is released allowed a new payload to be executed.
2017-08-02 15:47:22 -05:00
Yorick Koster e6e94bad4b Replace CreateEvent with CreateMutex/WaitForSingleObject
Time out is set to 1500 ms to prevent running the payload multiple times
2017-08-02 15:47:22 -05:00
Yorick Koster e51e1d9638 Added new DLL templates to prevent crashing of Explorer 2017-08-02 15:47:21 -05:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
Pearce Barry bc3b883758
Add docs, fix typo, add missing report mixin to avoid error. 2017-06-05 13:49:59 -05:00
L3cr0f 6a3fc618a4 Add bypassuac_injection_winsxs.rb module 2017-06-03 12:59:50 +02:00
Brent Cook a01a2ead1a
Land #8467, Samba CVE-2017-7494 Improvements 2017-05-30 00:15:03 -05:00
HD Moore 38491fd7ba Rename payloads with os+libc, shrink array inits 2017-05-27 19:50:31 -05:00
HD Moore b7b0c26f4a Reduce minimum GLIBC versions where we can 2017-05-27 19:28:41 -05:00
HD Moore 184c8f50f1 Rework the Samba exploit & payload model to be magic. 2017-05-27 17:03:01 -05:00
William Webb d4ba28a20b
Land #8457, Update multi/fileformat/office_word_macro to allow custom templates 2017-05-26 15:09:23 -05:00
wchen-r7 ee13195760 Update office_word_macro exploit to support template injection 2017-05-25 15:53:45 -05:00
HD Moore 0520d7cf76 First crack at Samba CVE-2017-7494 2017-05-24 19:42:04 -05:00
HD Moore afc804fa03 Quick Ghostscript module based on the public PoC 2017-04-28 09:56:52 -05:00
anhilo f3d6a8c456 split PSModulePath in multi strings with ';'
1、allows the HTA window to be invisible
2017-04-26 11:01:59 +08:00
wchen-r7 5bbb4d755a
Land #8254, Add CVE-2017-0199 - Office Word HTA Module 2017-04-24 16:05:00 -05:00
Brandon Knight c724f0e05d Handle multiple entries in PSModulePath
This commit handles the case where more than one entry exists in
the PSModulePath environment variable. The updated code will loop
through each entry in the PSModulePath checking for the presence of
powershell.exe. When one is encountered it will execute the payload
and exit the for loop.
2017-04-19 11:22:38 -04:00
nixawk 637098466c Hidden black flash windows / Close HTA windows 2017-04-16 22:53:17 -05:00
nixawk a9df917257 Fix rtf info author 2017-04-14 21:16:39 -05:00
nixawk 8c662562d3 add CVE-2017-0199 format 2017-04-14 13:22:32 -05:00
Koen Riepe 437d9b6f02
Fixed newline error in powershell script. 2017-04-05 12:38:38 +02:00
bwatters-r7 64c06a512e
Land #8020, ntfs-3g local privilege escalation 2017-04-04 09:48:15 -05:00
h00die e80b8cb373 move sploit.c out to data folder 2017-03-31 20:51:33 -04:00
Pearce Barry c00b9ca1e5
Land #8175, Get into the DANGER ZOOOOOOONE 2017-03-31 14:31:22 -05:00
HD Moore b5771b0f72 Get into the DANGER ZOOOOOOONE 2017-03-31 12:26:42 -05:00
dmohanty-r7 1ce7bf3938
Land #8126, Add SolarWind LEM Default SSH Pass/RCE 2017-03-31 11:21:32 -05:00
Mehmet Ince e9f816272d
Adding solarwinds lem default ssh credentials to the wordlist 2017-03-24 13:24:05 +03:00
Jon P 4628dfe16b Remove old banner + rubygems requirements 2017-03-13 17:36:21 +01:00
Jon P c9a5190726 Patching "undefined method empty?" errors + "encoding error" 2017-03-13 17:32:56 +01:00
Jon P e8257122b3 Creation of a sub-module for modules/auxiliary/crawler/msfcrawler
Catching links in comments
2017-03-13 17:18:39 +01:00
Koen Riepe 2fb42ff019
Fixed an issue in the powershell script 2017-03-07 13:56:18 +01:00
wchen-r7 6965a00b45 Resolve #8023, Support backward compatibility for Office macro
Resolve #8023
2017-02-27 13:02:41 -06:00
Koen Riepe 0fa0fe3bf8
Added NTDSgrab module to metasploit. 2017-02-24 10:15:13 +01:00
William Webb 83cc28a091
Land #7972, Microsoft Office Word Macro Generator OS X Edition 2017-02-21 13:26:42 -06:00
Brent Cook 2c570b6709
Land #7942, Microsoft SQL Server Clr Stored Procedure Payload Execution 2017-02-17 17:28:54 -06:00
wchen-r7 3d269b46ad Support OS X for Microsoft Office macro exploit 2017-02-16 12:28:11 -06:00
OJ 2d834a3f5a
Finalise module, and add supporting binaries 2017-02-10 12:56:40 +10:00
bwatters-r7 272d1845fa
Land #7934, Add exploit module for OpenOffice with a malicious macro 2017-02-09 13:42:58 -06:00
wchen-r7 047a9b17cf Completed version of openoffice_document_macro 2017-02-08 16:29:40 -06:00
wchen-r7 cefbee2df4 Add PoC for OpenOffice macro module 2017-02-07 10:12:23 -06:00
wchen-r7 ccaa783a31 Add Microsoft Office Word Macro exploit 2017-02-02 17:44:55 -06:00
William Webb fb74b2d8f3
initial commit of finished product 2017-01-20 11:01:36 -06:00
bwatters_r7 4035dd7485
Land #7796, Improve zip module windows script fallback 2017-01-17 10:59:04 -06:00
Brent Cook 24f7959805
add binary for futex_requeue 2017-01-11 13:25:30 -06:00
Brent Cook 2585c8c8b5
Land #7461, convert futex_requeue (towelroot) module to use targetting and core_loadlib 2017-01-11 13:24:25 -06:00
Brent Cook 31f85b905a add comments 2017-01-07 12:50:11 -06:00
Brent Cook cdcf4cce7d improve zip module windows script fallback
- handle non-English locales
 - wait more reliably, handle network paths where FS info gets stale
 - use absolute paths correctly
2017-01-07 12:27:03 -06:00
Brent Cook 2652f347fa add module binary 2016-12-22 03:25:10 -06:00
Tim e6d4c0001c
hide debug printing 2016-12-20 00:52:11 +08:00
Pearce Barry 1dae206fde
Land #7379, Linux Kernel BPF Priv Esc (CVE-2016-4557) 2016-11-11 16:50:20 -06:00
scriptjunkie 268a72f210
Land #7193 Office DLL hijack module 2016-11-08 23:15:27 -06:00
Yorick Koster 3c1f642c7b Moved PPSX to data/exploits folder 2016-11-08 16:04:46 +01:00
William Webb 31b593ac67
Land #7402, Add Linux local privilege escalation via overlayfs 2016-11-01 12:46:40 -05:00
dmohanty-r7 d918e25bde
Land #7439, Add Ghostscript support to ImageMagick Exploit 2016-10-28 17:07:13 -05:00
Pearce Barry 43fd0a8813
Land #7436, Put Rex-exploitation Gem Back 2016-10-18 16:03:54 -05:00
h00die 0d1fe20ae5 revamped 2016-10-15 20:57:31 -04:00
Brent Cook 741c4b8916 updated android payload gem, removed unused extension jar 2016-10-14 09:59:06 -05:00
Brent Cook 9fbe1ddd9d
Land #7384, CVE-2016-6415 - Cisco IKE Information Disclosure 2016-10-14 08:41:34 -05:00
William Vu 9b15899d91 Add PS template 2016-10-13 17:40:15 -05:00
William Vu 6f4f2bfa5f Add PS target and remove MIFF 2016-10-13 17:39:55 -05:00
David Maloney 7894d5b2c1 Revert "Revert "use the new rex-exploitation gem""
This reverts commit f3166070ba.
2016-10-11 17:40:43 -05:00
Pearce Barry d1a11f46e8
Land #7418, Linux recvmmsg Priv Esc (CVE-2014-0038) 2016-10-09 18:37:52 -05:00
h00die 2dfebe586e working cve-2014-0038 2016-10-08 23:58:09 -04:00
Brent Cook f3166070ba
Revert "use the new rex-exploitation gem"
This reverts commit 52f6265d2e.
2016-10-08 21:55:16 -05:00
William Vu 3b3185069f
Land #7408, Mirai botnet wordlists 2016-10-06 10:07:20 -05:00
Tonimir Kisasondi 83548a0dde added mirai user/pass to unhash set 2016-10-05 22:24:11 +02:00
Tonimir Kisasondi 7ce73be936 Add linux.mirai wordlists 2016-10-05 17:57:08 +02:00
David Maloney 52f6265d2e use the new rex-exploitation gem
use the new rex-exploitation gem instead of the packaged in lbirary code
cleans up a huge ammount of space in framework

MS-1709
2016-10-05 09:05:27 -05:00
h00die 27cf5c65c4 working module 2016-10-04 23:21:53 -04:00
David Maloney af4f3e7a0d use templates from the gem for psh
use the templates now contained within the magical
gem of rex-powershell

7309
MS-2106
2016-10-04 14:14:25 -05:00
mach-0 dcc77fda5b Add back accidentally-deleted nasm comment. 2016-10-03 23:47:13 -05:00
mach-0 eff85e4118 Just remove DT_HASH. 2016-10-03 23:43:19 -05:00
mach-0 8828060886 Fix linux x64 elf-so template.
Previously the elf-so would crash when loaded with LD_PRELOAD,
due to not enough room for the symbol table.
2016-10-03 23:24:31 -05:00
nixawk 7368b995f2 CVE-2016-6415 Cisco - sendpacket.raw 2016-09-29 22:24:55 -05:00
h00die c036c258a9 cve-2016-4557 2016-09-29 05:23:12 -04:00
OJ 0e82ced082
Add LPE exploit module for the capcom driver flaw
This commit includes:

* RDI binary that abuses the SMEP bypass and userland function pointer
  invocation that is provided by the driver.
* Related metasploit module.
* Associated make.build to build from command line.
* Updated command line build file.

This also includes the beginnings of a new set of functions that help
with the management/automation of kernel-related work on Windows for
local priv esc exploits.
2016-09-27 22:37:45 +10:00
Pearce Barry 6382fffc75
Land #7326, Linux Kernel Netfilter Privesc 2016-09-26 12:38:50 -05:00
h00die 23e5556a4c binary drops work! 2016-09-24 21:31:00 -04:00
Joshua J. Drake dbf66f27d5 Add a browser-based exploit module for CVE-2015-3864 2016-09-23 11:14:31 -05:00
Adam Muntner 726079c6e7 diffed with fuzzdb
https://github.com/fuzzdb-project/fuzzdb/blob/master/discovery/predictable-filepaths/webservers-appservers/SAP.txt
2016-09-21 00:20:46 -04:00
dmohanty-r7 4c4f2e45d6
Land #7283, add jsp payload generator 2016-09-16 14:37:59 -05:00
Tim 6cb331e74d
Land 7281, add vagrant default password to wordlist 2016-09-07 13:01:01 +01:00
Tim 96f81b4817
add root:vagrant to root_userpass 2016-09-07 12:59:12 +01:00
Christian Mehlmauer c6012e7947
add jsp payload generator 2016-09-06 22:17:21 +02:00
Pearce Barry 9d5a276e91
Fix recent metasploit-framework.gemspec conflict. 2016-09-06 13:10:28 -05:00
wchen-r7 23a5d737fc Add password "vagrant" to wordlists
The password "vagrant" is often used in Metasploitable3.
2016-09-06 12:36:02 -05:00
Brendan 83160b7e49
Land #7173, Add post module to compress (zip) a file or directory 2016-08-24 09:38:04 -05:00
wchen-r7 e154aafaaa On Error Resume Next for zip.vbs 2016-08-17 17:08:38 -05:00
David Maloney 8bece28d00
remove *scan bins as well
all *scan bins need to be removed as the rex-bin_tools
gem will now handle these and put them in PATH

MS-1691
2016-08-15 14:04:00 -05:00
wchen-r7 8f7d0eae0c Fix #7155 - Add post module to compress (zip) a file or directory
Fix #7155
2016-08-02 14:44:58 -05:00
William Webb 21e6211e8d add exploit for cve-2016-0189 2016-08-01 13:26:35 -05:00
Brent Cook d1f65b27b8
Land #7151, Improve CVE-2016-0099 reliability 2016-07-29 09:22:11 -05:00
Brendan ee40c9d809
Land #6625, Send base64ed shellcode and decode with certutil (Actually MSXML) 2016-07-28 13:01:05 -07:00
wchen-r7 322fc11225 Fix whitespace 2016-07-27 12:37:14 -05:00
wchen-r7 dbe31766af Update CVE-2016-0099 Powershell 2016-07-27 12:35:43 -05:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
wchen-r7 8f928c6ca1
Land #7006, Add MS16-032 Local Priv Esc Exploit 2016-07-12 15:22:35 -05:00
wchen-r7 621f3fa5a9 Change naming style 2016-07-12 15:18:18 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
William Webb b4b3a84fa5 refactor ms16-016 code 2016-07-05 20:50:43 -05:00
khr0x40sh df1a9bee13 Move ps1, Use Env var, Fix license, New Cleanup
MS16-032 ps1 moved to external file.  This ps1 will now detect windir
to find cmd.exe.  The module now also detects windir to find
powershell.exe.  The license is now BSD_LICENSE, and the required
copyright has been moved to the ps1. The previous optional cleanup stage
 is now standard.  The optional 'W_PATH' assignment is corrected to
select the user's variable unless 'W_PATH' is nil.
2016-06-22 09:25:48 -04:00
Brent Cook ba72d3fd92
Land #6988, Update banners to metasploit.com, not .pro 2016-06-17 15:29:30 -05:00
h00die cd207df6b8 adding karaf to unix lists per 4358 2016-06-15 20:31:48 -04:00
Tod Beardsley fe4cfd7e3e
Update banners to metasploit.com, not .pro 2016-06-14 15:11:04 -05:00
wwebb-r7 ab27c1b701 Merge pull request #6940 from samvartaka/master
Exploit for previously unknown stack buffer overflow in Poison Ivy versions 2.1.x (possibly present in older versions too)
2016-06-08 11:25:51 -05:00
samvartaka 5260031991 Modifications based on suggestions by @wchen-r7 2016-06-08 01:17:15 +02:00
William Vu 9128ba3e57 Add popen() vuln to ImageMagick exploit
So... we've actually been sitting on this vuln for a while now. Now that
the cat's out of the bag [1], I'm updating the module. :)

Thanks to @hdm for his sharp eye. ;x

[1] http://permalink.gmane.org/gmane.comp.security.oss.general/19669
2016-06-02 11:35:37 -05:00
Brent Cook 7b024d1a72
Land #6914, add siem to the namelist 2016-05-24 14:22:44 -05:00
x90" * 365 9d545b0a05 Update namelist.txt 2016-05-24 13:00:59 -04:00
William Vu 2bac46097f Remove url() for MVG
Technically unnecessary here.
2016-05-05 14:18:42 -05:00
William Vu 334c432901 Force https://localhost for SVG and MVG
https: is all that's needed to trigger the bug, but we don't want wget
and curl to gripe. localhost should be a safe host to request.
2016-05-05 14:18:42 -05:00
William Vu decd770a0b Encode the entire SVG string
Because why not? Not like people care about what's around the command.
2016-05-05 14:18:42 -05:00
William Vu 232cc114de Change placeholder text to something useful
A la Shellshock. :)
2016-05-05 14:18:42 -05:00
William Vu 5c04db7a09 Add ImageMagick exploit 2016-05-05 14:18:42 -05:00
wchen-r7 71c8ad555e Resolve #6839, Make Knowledge Base as default
Resolve #6839
2016-05-02 14:12:09 -05:00
wchen-r7 d80d2bb8d3 Land #6825, Fixed borders on code boxes 2016-04-27 11:59:52 -07:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
wchen-r7 22831695dd
Land #6721, Add additional SOLMAN default creds 2016-03-30 10:48:53 -05:00
Meatballs 4f84c5a3b7
Add additional SOLMAN default creds 2016-03-29 15:53:15 +01:00
f7b053223a9e 629bc00696 Use MSXML decoder instead 2016-03-25 22:52:16 +09:00
wchen-r7 57984706b8 Resolve merge conflict with Gemfile 2016-03-24 18:13:31 -05:00
wchen-r7 76c6f8c19d Move module_doc_template 2016-03-24 17:07:19 -05:00
l0gan e29fc5987f Add missing stream.raw for hp_sitescope_dns_tool
This adds the missing stream.raw.
2016-03-15 11:06:06 -05:00
wchen-r7 d6742c4097 Change <hr> color 2016-03-10 10:44:18 -06:00
wchen-r7 ad0a948ae7 Update module_doc_template 2016-03-08 12:21:20 -06:00
wchen-r7 58b8c35146 Escape HTML for KB and update rspec 2016-03-08 10:10:10 -06:00
wchen-r7 027315eeaa Update post_demo_template 2016-03-05 20:33:40 -06:00
wchen-r7 03eb568af7 Add --- to make sections to stand out more 2016-03-05 15:17:19 -06:00
wchen-r7 f4866fd5f0 Update template and web_delivery doc 2016-03-03 01:27:14 -06:00
wchen-r7 cececa749d Update css 2016-03-03 00:58:17 -06:00
wchen-r7 11964c5c1a Add remote exploit demo and web_delivery doc 2016-03-02 19:52:11 -06:00
f7b053223a9e 19bd7b98f4 Fix minor indenting issue 2016-03-01 11:50:56 +09:00
f7b053223a9e c8c5549b19 Send base64ed shellcode and decode with certutil 2016-03-01 10:48:25 +09:00
wchen-r7 fd8e3e719d real demo 2016-02-26 14:43:53 -06:00
wchen-r7 ed0dfa5725 basic usage 2016-02-26 14:35:07 -06:00
wchen-r7 250ce6fb17 lets be clear 2016-02-26 14:30:12 -06:00
wchen-r7 1c53e53d23 More info about how to write the doc 2016-02-26 14:24:24 -06:00
wchen-r7 e40f1e69db Update default template 2016-02-26 14:18:24 -06:00
wchen-r7 6060c7b09b We make this pretty 2016-02-26 14:15:54 -06:00
wchen-r7 95a9f42996 Add a template for future module documentation 2016-02-24 19:28:17 -06:00
wchen-r7 24530e2734 Scrollable list, tab name change, print_status 2016-02-19 20:46:39 -06:00
wchen-r7 34d10d7829 Should be fullname 2016-02-19 00:13:55 -06:00
wchen-r7 7444a0ff04 Make it more obvious which tab the user is viewing 2016-02-18 17:59:45 -06:00
wchen-r7 4fc7008561 Close div properly 2016-02-18 16:12:27 -06:00
wchen-r7 56c2ba9f75 Turn the HTML template into external 2016-02-18 15:41:14 -06:00
wchen-r7 e5ad6fa781 Support "knowledge base" 2016-02-18 15:02:24 -06:00
wchen-r7 f8d6a59cdc Change wording 2016-02-18 12:19:25 -06:00
wchen-r7 089d6985b6 Add more demo templates 2016-02-18 00:17:32 -06:00
wchen-r7 1bfe1ad140 More demos 2016-02-17 19:04:06 -06:00
wchen-r7 76f2c917ee Allow no GITHUB_OAUTH_TOKEN, and gsub for demo 2016-02-17 15:38:30 -06:00
wchen-r7 714106174e Do external erb template 2016-02-17 14:27:29 -06:00
wchen-r7 b0cfb4aacf Add info -d to show module documentation in .md 2016-02-16 22:44:03 -06:00
Jay Turla aeb1d80e0d Adding top 100 adobe passwords 2016-02-11 08:55:45 +08:00
Bigendian Smalls b3e8bd1dab
Updated zsploit screens to use std msf colors
Using Rex::Ui::Text::Colors now instead of ansi codes
Thanks to @mainframed for the quick turnaround
2016-02-09 12:01:25 -06:00
Bigendian Smalls 90e37ea749
Added three cool new mainframe themed screens
Thanks to *Solider of Fortran* @mainframed for his amazing original artwork!
These set of 3 limited edition, original, one-of-a-kind screens will modernize
your msf installation to the 1960s and beyond.  No seriously they are super cool
and now that metasploit-framework supports System Z - it seemed only fitting.
2016-01-20 06:10:51 -06:00
Brent Cook 7f9b804060
Land #6410, remove JtR binaries, update for independent framework releases 2016-01-06 14:16:49 -06:00
Chris Doughty 97ae09729c Add john.conf to data dir as referenced by: lib/metasploit/framework/jtr/cracker.rb 2016-01-06 13:00:05 -06:00
Chris Doughty ae57bce262 Adding wordlists back to path 2016-01-06 12:54:25 -06:00
JT bf764deefb Add SCADA Default UserPass List
This list was based on SCADAPASS: https://github.com/scadastrangelove/SCADAPASS
2016-01-06 12:25:29 +08:00
William Vu be340774ea
Land #6432, Piata SSH scanner wordlist 2016-01-05 10:15:17 -06:00
JT 66e2d945d8 Add more SAP ICM paths 2016-01-05 13:05:46 +08:00
JT 913e8ec525 Update piata_ssh_userpass.txt 2016-01-05 11:28:54 +08:00
JT 713828d0b6 Add piata wordlist
Add user and pass wordlist from Piata Mass SSH scanner
2016-01-05 11:27:04 +08:00
Chris Doughty 8090bbc750 Changes to support framework as a gem 2015-12-30 11:00:45 -06:00
wchen-r7 5f5b3ec6a1 Add MS15-134 Microsoft Windows Media Center MCL Information Disclosure
CVE-2015-6127
2015-12-17 22:41:58 -06:00
dmohanty-r7 eb4611642d Add Jenkins CLI Java serialization exploit module
CVE-2015-8103
2015-12-11 14:57:10 -06:00
Brent Cook c301c7c7b0 use wav with sounds plugin for windows / linux compat 2015-12-08 16:20:44 -06:00
wchen-r7 d44224142e Update audio files 2015-11-25 23:41:18 -06:00
wchen-r7 776455d10a Add another sound and event
Add sound: "We've got a shell"
Add event on_session_fail
2015-11-25 22:46:51 -06:00
wchen-r7 af8c557fa9 Add the MP3s 2015-11-25 18:09:27 -06:00
wchen-r7 fa32f43ee4 Muts says "Try harder!" or "Excellent" for the sounds plugin
With the sounds plugin, muts will say "excellent!" when a session
is received. If a session is terminated (either exited or lost),
muts will say "try harder!"
2015-11-25 18:06:58 -06:00
scriptjunkie 8703987535 Add HTTPS and new transport support for hop 2015-11-11 21:25:23 -06:00
Louis Sato 9c347fbaae
Land #6195, remove ff buildid from os.js 2015-11-05 15:01:15 -06:00
William Vu 2f65405a4e Fix missing brace and indent level 2015-11-05 14:30:26 -06:00
James Lee 1f73bbe7ca
Remove obsolete files in data/gui/ 2015-11-02 10:44:47 -06:00
scriptjunkie d90f87449a Fix merge 2015-09-22 16:55:01 -05:00
scriptjunkie 7d2a2a8b64 Fix issues with using hop for new core 2015-09-22 16:54:02 -05:00
Mo Sadek 48b06a2cd9 Fixed no detection error 2015-09-18 10:48:24 -05:00
Mo Sadek 858d3f5a55 Closes #3936, Remove Firefox buildid from os.js 2015-09-16 16:04:22 -05:00
wchen-r7 c7afe4f663
Land #5930, MS15-078 (atmfd.dll buffer overflow) 2015-09-16 15:33:38 -05:00
jvazquez-r7 9626596f85
Clean template code 2015-09-12 13:43:05 -05:00
jvazquez-r7 53f995b9c3
Do first prototype 2015-09-10 19:35:26 -05:00
jvazquez-r7 30cb93b4df
Land #5940, @hmoore-r7's fixes for busybox post modules 2015-09-08 15:12:23 -05:00
wchen-r7 122d57fc20
Land #5945, Add auto-accept to osx/enum_keychain 2015-09-08 10:56:08 -05:00
joev 1b320bae6a Add auto-accept to osx/enum_keychain. 2015-09-07 21:17:49 -05:00
HD Moore 091c4d5214 Expand and reorder 2015-09-05 22:51:32 -05:00
HD Moore 76d74576db Remove FTP-only default credentials 2015-09-05 22:39:51 -05:00
HD Moore 21b69b9430 Remove HP MPE/iX password defaults 2015-09-05 22:38:30 -05:00
jvazquez-r7 eaf51a2113
Land #5722, @vallejocc's busybox work 2015-09-04 13:36:44 -05:00
jvazquez-r7 b39575928e
Update reflective exploit 2015-09-03 11:01:41 -05:00
jvazquez-r7 b912e3ce65
Add exploit template 2015-09-02 17:28:35 -05:00
HD Moore 4090c2c8ea
Land #5880, adds ScriptHost UAC bypass for Win7/2008 2015-09-02 14:14:18 -05:00
James Lee 1b778d0650
Land #5898, use gem version of php & python meterp 2015-08-31 16:16:36 -05:00
Brent Cook 30830ad9e5
Land #5262, fix webcam_chat and tidy adjacent code 2015-08-31 14:21:24 -05:00
Brent Cook a51d3df753 typo 2015-08-31 14:18:55 -05:00
wchen-r7 9364982467
Land #5665, Add osx rootpipe entitlements exploit for 10.10.3 2015-08-28 13:33:16 -05:00
wchen-r7 11db9c2112
Land #5896, Update ms15_004_tswbproxy to use a Reflective DLL 2015-08-27 17:11:26 -05:00
Brent Cook 593f501571 finish move of php / python meterpreters to metasploit-payloads 2015-08-27 11:34:22 -05:00
HD Moore a2d5511e39
Land #5379, new post modules to load into powershell sessions 2015-08-26 17:11:40 -05:00